Data protection policy
Privacy statement
1. ABOUT THIS PRIVACY POLICY
Robert Bosch (South East Asia) Pte. Ltd. and its subsidiaries and related companies in ASEAN (‘Robert Bosch Singapore’, ‘we’, ‘us’ ‘our’, etc.) take the protection of your personal data very seriously. Consequently, data protection and information security are an integral part of our corporate policy for ASEAN.
‘Personal data’ means all the information that relates to an identified or identifiable natural person (that is, an individual) – for example, your name, telephone number, email address and street / mailing address.
In this Privacy Policy, we set out information about how we process personal data if and when we collect personal data about you in connection with providing you with our products and/or services or otherwise do business with you and when you use our online service. (Our website may include links to third party websites. They are not covered by this Privacy Policy. Please check the third party website for information about how they may process personal data.)
This Privacy Policy does not include how we process personal data in connection with recruitment, human resources management and ex-employees. If you would like information about how we process personal data for these categories of individuals, please email asean.dpo@sg.bosch.com and we will be happy to send you a copy of it.
2. HOW TO USE THIS PRIVACY POLICY
We have written this Privacy Policy in a way that is straightforward and easy for you to understand. You are welcome to read it from end-to-end. Otherwise, you may like to click on a link below to take you directly to the parts of it that are most relevant to you.
For general information about how we process personal data, how we keep it secure, when we dispose of personal data and when we transfer it overseas (general information), (security), (disposal) and (overseas transfer).
To find information relevant to your relationship with us:
• customers
• business partners, suppliers and other business contacts
• users of our online service
To find information about your rights:
• limiting the information you provide to us
• withdrawing consent; opting out of marketing messages
• data accuracy
• access to personal data
• correction of personal data
• making a complaint
3. GENERAL INFORMATION ABOUT HOW WE PROCESS PERSONAL DATA
3.1 Standard of data protection laws
Some countries in ASEAN do not yet have data protection laws. If you live in such a country we generally aim to protect your personal data as if there were data protection laws that apply to you.
The data protection laws in some countries in ASEAN are different from the data protection laws in other countries in ASEAN. We generally aim to protect your personal data as if the strictest standard of data protection law applies to you.
3.2 General principles that we apply when we process personal data
We collect personal data about you only for specific and legitimate purposes. We notify you about those purposes and we process such personal data only in ways that are compatible with the specific and legitimate purposes that we tell you about. We process personal data about you lawfully and fairly.
We only collect personal data about you that is adequate and not excessive in relation to the purpose(s) for which we process it. We take care to make sure such personal data is accurate and relevant and, where necessary for the purposes for which we process it, we keep it up-to-date.
We retain personal data about you only for so long as we need to do so for legal and business purposes. For so long as we retain such personal data we make reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.
3.3 Lawful bases of processing
We want to treat all of the individuals with whom we interact equally, but sometimes we cannot do so because of the way we must apply the laws.
In Singapore, the data protection law requires us to obtain your consent before we collect, use, disclosure and store (collectively, ‘Process’) personal data about you, except where there is an exception to the requirement for consent. For example, we do not need consent to process personal data to respond to an emergency threatens someone’s life, health or safety.
Elsewhere in ASEAN, the data protection laws lay out the lawful bases on which we may process personal data about you. Broadly, these are:
• where processing personal data is necessary for us to fulfil a contract we have with you – for example, where we have provided you with a product warranty – or in order to take steps at your request prior to entering into a contract
• where the processing is necessary for us to comply with a legal obligation to which we are subject
• where the processing is necessary to protect your vitally important interests, including your life and health
• where the processing is necessary for our legitimate interests or the legitimate interests of a third party, except where such legitimate interests are over ridden by your fundamental rights and freedoms and/or
• where we have your consent to process personal data about you
4. CUSTOMERS
4.1 How we collect personal data about or relating to our customers
We generally collect personal data directly from you. We will ask you for it (including contact information) when you interact with us, including when we are responding to your enquiries about our products or services. Sometimes we collect it from a third party, but only after checking that the third party has the right to provide the personal data to us – for example, where they do so at your request to enable us to provide information to you or to provide you with our products and/or services.
Customer Identity & Access Management - CIAM
CIAM serves as a leading system for the authentication and administration of external identities (e.g. customers) using an unambiguous identifier as user ID. It therefore is to be used by all applications providing a login to external users. Beyond login, CIAM provides a registration and various self services (e.g. forgot password, account deletion) enhancing the user experience.
You would need to register a CIAM account with Bosch to use the basic functions of our products or services, you need to register a CIAM account. Thereafter, you would need to fill in your mobile phone number for login verification. For CIAM privacy policy, please refer to here.
4.2 The types of personal data that we collect
The personal data we collect about or relating to you depends on the circumstances in which we interact with you. We only collect personal data for purposes that are directly related to our business activities and when it is necessary for such purposes. We set out more specific information below, but generally:
• when you initiate contact with us, we collect contact information from you that enables us to respond to you and that generally enables us to communicate with you, and send messages to you, for the purpose or purposes for which you contacted us – for example, your name, username, email address, phone number, mailing address, physical / street address and your IP address – if at any time we ask for information that you prefer not to provide, please let us know.
• we collect information about our relationship with you, such as the types of products and/or services that we provide that may be of interest to you and information that helps us tailor our services to you
• we collect transaction information about how you interact with us, including enquiries, account information, transaction information when you purchase our products and/or use or services and information about how you use our products and/or our services – transaction information may include your payment card (or other payment) details when you purchase products through our website or otherwise pay us for providing you with products and/or services and
4.3 Why we collect personal data and how we use it
Product offering, sales and support
In connection with our product offerings, sales and support we collect personal data that is about you or relates to you when:
• you request information from us about products or services and/or you seek support, such as clarification of vehicle application, report application error and we use that personal data only for the purpose for which we collected it
Technical support
In connection with technical support we collect and use personal data that is about you or relates to you when you register a product with us for technical support and (in each case) we use that personal data only for the purpose for which we collected it
4.4 When we disclose personal data
We do not sell personal data about or relating to you. We do, however, disclose it as follows:
• to our subsidiaries and related companies where reasonably necessary for the various purposes for which we use such personal data – see ‘Howe we use personal data about or relating to you’
• we engage a third party service provider to assist us with conducting the activities for which we collect and use the personal data, such as service dealers, retailers, training providers and agents – in this case, the third party service provider is under contractual arrangements with us to ensure that your personal data is protected
• you consent
• you would reasonably expect, or you have been told, that personal data of that kind is usually passed to those individuals, bodies or agencies
• we are required or authorised by law to disclose it
5. BUSINESS PARTNERS, SUPPLIERS AND OTHER BUSINESS CONTACTS
5.1 How we collect personal data about or relating to our business partners
We generally collect personal data directly from you. We will ask you for it (including contact information and relationship information) when you interact with us, including when we are responding to your enquiries about our services and pricing or when we are working with you in the course of establishing a business relationship with you and/or company and when we are providing our services to you and/or your company.
Sometimes we collect personal data about you from a third party, such as another individual working at your company – for example, when they add you to a project team.
Sometimes an entity providing services to us collects it from you on our behalf (for example, where you take an item (such as a motor vehicle) to a service workshop (whether or not it is a Bosch-branded workshop) and the service workshop interacts with us directly or indirectly in the course of providing its services to you. In any such case, we have arrangements in place so that the service provider is under a contractual obligation to ensure that your personal data is protected and not used by the service provider for any purpose other than providing the specific contracted service to you.
5.2 The types of personal data that we collect
If you are an individual who does business with us, including if you work for a company that does business with us, we or our service provider (for example, where a service provider operates a website on our behalf, such as an e Commerce portal) may collect the following types of personal data about or relating to you:
• contact information that enables communication with you – such as your name, username, work email address, work phone number and mobile phone number
• information about our business relationship with you and that helps us to do business with you and/or with the your company, such as the types of products and/or services that we provide that may be of interest to you and/or your company and information that helps us tailor our services for you and/or your company and
• transaction information about how you interact with us, including enquiries, account information, transaction information when you and/or your company purchase our products and/or use our services and information about how you and/or your company use our products and/or our services
5.3 How we use personal data about or relating to you
We use personal data about or relating to you:
• to fulfil your and/or your company’s requests for products and/or services and for related activities, such as products and/or service delivery, customer service, account / relationship management, support and training and to provide other services related to your and/or your company’s business relationship with us
• to send you marketing communications, including offers that may be targeted based on your and/or your company’s apparent interests, business characteristics and location
• to administer surveys and to carry out promotional events and to determine if you and/or your company are eligible for certain services or offers
• to provide you and/or your company with additional information that we think may be of interest to you and/or your company, such as news about us, announcements made by us and technical information such as technical service bulletins
• to manage our everyday business needs and interactions with you and/or your company, including delivering our products and/or services to you and/or your company, processing payments, managing our financial accounting, carrying out product research and development, administering our website, analysing your and/or your company’s use of our services, preventing fraud and maintaining the security of our systems and processes, reporting and legal compliance and managing our business continuity
5.4 When we disclose personal data about or relating to you
We do not sell personal data about or relating to you. We do, however, disclose it as follows:
• to our subsidiaries and related companies where reasonably necessary for the various purposes for which we use such personal data – see ‘How we use personal data about or relating to you’
• when we engage a third party service provider to assist us with conducting the activities for which we collect and use personal data, such as persons that provide services to us (such as physical product delivery, audit services and other internal management purposes) – in these cases, the third party service provider is under contractual arrangements with us that require the service provider to ensure that your personal data is protected and not used by the service provider for any purpose other than providing the specific contracted service
• we are required or authorised by law to disclose it
6. USERS OF OUR ONLINE SERVICES
6.1 Using cookies and other tracking mechanisms
In the context of our online service, we may use cookies and other tracking mechanisms. Cookies are small text files that may be stored on your device when you visit our online service. Tracking is possible using different technologies. In particular, we process information using pixel technology and/or during log file analysis. We distinguish between:
• cookies that are mandatorily required for the technical functions of the online service
• cookies and tracking mechanisms that are not mandatorily required for the technical functions of the online service – it is generally possible to use the online service with these cookies and tracking mechanisms
6.2 Technically required cookies
‘Technically required cookies’ means those cookies that are necessary for ensuring the technical provision of the online service. They include, for example, cookies that store data to ensure smooth reproduction of video or audio footage. Technically required cookies will be deleted when you leave the website.
6.3 Cookies and tracking mechanisms that are not technically required
We only use cookies and tracking mechanisms that are not technically required if you have given us your prior consent in each case. With regard to these cookies and tracking mechanisms, we distinguish:
• convenience cookies – they facilitate operation of the online service and thus allow you to browse it more comfortably (for example, your language settings may be included in these cookies)
• marketing cookies and tracking mechanisms:
o marketing cookies and tracking mechanisms enable us and our partners to show you offerings based on your interests, resulting from an analysis of your user behavior
o statistical tools enable us to measure, for example, the number of pages in our online service you that you view
o conversion tracking tools are placed on your device by our marketing partners if you accessed our website via an advertisement of such marketing partner (and are normally are no longer valid after 30 days) – if you visit certain pages of our website and the cookie has not yet expired, we and the relevant marketing partner can recognise that you clicked on the advertisement and were redirected to our website, which enables us to compile conversion statistics and to record the total number of users who clicked on the relevant advertisement and were redirected to our website
•social plugins – some of the pages of our online service involve content and services of other providers (for example, Facebook, Twitter), which may also use cookies and active modules – for more details regarding social plugins please refer to the section below on social plugins
You can manage your cookie and tracking mechanism settings in the browser and/or our privacy settings. (Note: the settings you have made refer only to the browser used in each case.)
If you wish to deactivate all cookies, please deactivate cookies in your browser settings. Please note that this may affect the functionality of the website.
When visiting our websites, you will be asked in a cookie layer whether you consent to our using of convenience cookies, marketing cookies or tracking mechanisms, respectively.
In our privacy settings, you may withdraw the consent with effect for the future or grant your consent at a later point in time.
• Name: Google Analytics Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Function: Analysis of user behavior (page retrievals, number of visitors and visits, downloads), creation of pseudonymous user profiles based on cross-device information of logged-in Google users (cross-device tracking), enrichment of pseudonymous user data with target group-specific information provided by Google, retargeting, UX testing, conversion tracking, and retargeting in conjunction with Google Ads
• Name: Google Tag Manager Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Function: Administration of website tags via a user interface, integration of program codes on our websites
• Name: Google Ads Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Function: Placement of advertisements, remarketing, conversion tracking Further information is available at: https://adssettings.google.com/authenticated
6.4 Content Delivery Network of Microsoft Azure
In order to optimize the loading times of this website, we use a so-called “Content Delivery Network” (CDN) Services, offered by public cloud from Microsoft, Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA.
The use of the CDN Services represents a predominant legitimate interest within the meaning of article 6 section 1 lit. f GDPR.
In context of this processing, personal data is transmitted to the USA. The Transmission is based on European Standard Contractual Clauses in which Microsoft guarantees to comply with the European data protection law for its provided services.
Further information about the privacy policy of Microsoft is available here: https://privacy.microsoft.com/en-us/privacystatement.
6.5 Social plugins
In our Online Offers we may use so-called social plugins from various social networks, such as ‘Like’, ‘Share’ and ‘comment’ buttons made available by Facebook, Twitter, Google+, Pinterest, Instagram, TMall and WeChat.
When you use a social plugin – for example, when you decide to ‘Like’ or ‘Share’ something –your internet browser creates a direct connection to the relevant social network’s server. The result is that the relevant social network provider receives the information that your internet browser accessed from the site on which we make our Online Offers available to you. This happens even if you do not have a user account with the relevant social network provider or are currently not logged into your account. Log files (including the IP address) are, in this case, directly transmitted from your internet browser to a server of the relevant social network provider and might be stored there.
The relevant social network provider or its server may be located outside the European Union or the European Economic Area (for example, they may be in the United States).
Social plugins are standalone extensions by social network providers. For this reason, we are unable to influence the scope of data collected and stored by them.
The purpose and scope of the collection of data by a social network, the continued processing and usage of that data by the social network as well as your respective rights and setting options to protect your privacy can be found by consulting the relevant social network's data protection notice.
In case you do not wish social network providers to receive and, if applicable, store or use data, you should not use the respective plugins – that is, you should not use a ‘Like’, ‘Share’, ‘comment’ or similar button on our website.
By using the so-called two click solution (provided by Heise Medien GmbH & Co. KG) we protect your visit to our web pages from being logged and processed by social network providers by default. When using a page of our internet presence which contains such plugins, these are initially deactivated. The plug ins are activated only when you click on the respective button.
7. Mobile applications
7.1 Usage of our mobile applications
In addition to our Online Offers, we offer mobile applications ("Apps"), which you can download to your mobile device. We also collect personal data through our apps when you use a mobile device, if you consent.
Some of our apps include location based services, through which we provide you offers tailored to your specific location. Your movement is not tracked. You can de-activate this function in the app settings, or in your mobile device operating system.
In order to provide you with a more user friendly platform, and also to perform range measurements and market research, we may use app analysis tools on some of our apps.
8. YOUR RIGHTS
8.1 Limiting the information you provide to us
If we ask you for personal data that you do not want to provide, please tell us and we will try to continue without it. However, it might not be possible for us to provide the product or service that you are seeking or lack of personal data may result in inconvenience to you when we are providing such product or service.
8.2 Withdrawing consent and opting out of receiving marketing messages
Where we have obtained your consent to process your personal data, you may withdraw your consent at any time. You can do this by notifying us in writing (which includes email) – see no. 12 for our contact details.
If you have registered for a MyBosch Account you may login to it and edit your contact permissions in the My Profile section of it. Alternatively, you can opt out of commercial emails by clicking the ‘unsubscribe’ line at the bottom of any such email that we send to you. Please note that if you opt-out of commercial emails we may still need to contact you with important transactional information about you and/or your company’s account and/or about a product and/or service that you have purchased from us.
8.3 Data accuracy
We take steps to ensure that the personal data we collect is accurate, up-to-date and complete. This includes updating it if and when you let us know that it has changed. If you have registered for a MyBosch Account you may
login to it and amend the details in the My Profile section of it. Alternatively, please let us know about any changes by notifying us in writing (which includes email).
8.4 Access to personal data
You can request us to provide you with a copy of personal data about you or that refers to you that is in our possession or under our control. We will also give you information about the ways in which we have, or may have, used or disclosed it within the previous 12 months.
If you have registered for a MyBosch Account you may login to it and navigate to the My Products and My Orders sections of it to find out when we have used your personal data for the purpose of products purchased from us and product orders with us. Alternatively, please ask us in writing (which includes email). We may request information from you that enables us to verify your identity before meeting your request. Subject to you verifying your identity, we will respond to your request as soon as reasonably possible. If we are unable to respond to your request within 30 days we will let you know within that period when we expect to be able to respond to your request.
We reserve the right to charge a fee for access to your personal data, which will be limited to the incremental costs incurred by us in meeting your request. We will notify you of the amount (or, if that cannot be determined, the estimated amount) of the fee before fulfilling your request.
8.5 Correction of personal data
You can request us to correct on error or omission in personal data about you or that refers to you that is in our possession or under our control.
If you have registered for a MyBosch Account you may login to it and amend the details in the My Profile section of it in order to correct any error or simply to update your personal data. Alternatively, notify us about your correction request in writing. We may request information from you that enables us to verify your identity before meeting your request. Subject to you verifying your identity, we will respond to your request as soon as practicable. If we are unable to respond to your request within 30 days we will let you know within that period when we expect to be able to respond to your request. We may also send the corrected personal data to other organisations to which we have disclosed your personal data.
9. SECURITY OF YOUR PERSONAL DATA
As a leading global supplier of technology and services we take the security of personal data about or referring to you seriously
We have appropriate security measures in place to prevent your personal data being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business ‘need to know’. They will process your personal data only on our instructions.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable supervisory authority of an actual or suspected personal data breach where we are required by contract or law to do so.
10. DISPOSAL OF PERSONAL DATA
We will cease to retain documents that contain personal data about you or that refers to you as soon as it is reasonable to assume that the purpose for which we collected it is no longer being served by us retaining it and we no longer need it for a business or legal purpose. Alternatively, we may anonymise the personal data so that it can no longer be associated with you.
11. TRANSFER OF PERSONAL DATA OVERSEAS
We may from time to time, depending on the circumstances under which you provided personal data to us, have a business need to transfer it (or a copy of it) out of the country in which you gave it to us and to one of our subsidiaries or related companies a different country. For example, if you gave it to us outside of Singapore we might need to transfer it to our regional headquarters in Singapore.
We have entered into contracts to ensure that personal data about or relating to you is treated by the receiving entity with the same degree of care as is required by this Privacy Policy. This includes us adopting uniform practices / standard operating procedures (SOPs) in all of our subsidiaries and related companies in ASEAN (and in the location of our global headquarters, in the European Economic Area).
12. MAKING A COMPLAINT
If you have any complaint about the way in which we have processed personal data about you or that refers to you – that is, if you feel we have not complied with this Privacy Policy and/or with the applicable data protection / privacy law please let us know. You may do this in writing (which includes email). Please include the following:
• sufficient contact details to enable us to identify you
• clear and succinct details about the nature of the complaint – for example, what happened, when you became aware of it and who was involved
• an outline of the impact the event that happened has had on you and
• details of what you would like to see happen to resolve your complaint
We will acknowledge receipt of your complain as soon as practicable. Then we will investigate it. We may need to obtain further information from you, speak to relevant staff members, review relevant documents and/or obtain legal or technical advice to do our investigation. Once we have completed our investigation, we will write to you to let you know the outcome of the investigation.
13. CONTACTING US
You can contact us to get further information in relation to this Privacy Policy, to provide comments or to make any complaint by contacting our data protection officer as follows:
By letter: Data Protection Officer, ASEAN Region Robert Bosch (S.E.A.) Pte. Ltd. 11 Bishan Street 21 Singapore 573943
By email: asean.dpo@sg.bosch.com
By phone: +65 6258 5511
14. POLICY CHANGES
We reserve the right to change and update this Privacy Policy from time to time. We will notify changes by posting them on our website. The amended Privacy Policy will come into effect from the time that it is posted on our website.